projects / squasher.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Fixed hardcoded user_id for full access
[squasher.git] / webroot / squasher.php
1 <?php
2 if (!$_SESSION['creds']['validated'] && !isset($_GET['f']))
3         exit();
4
5 require_once("squasher.class.php");
6
7 $squashweb = new squashweb();
8
9 $squashweb->update_history();
10
11 $requestpath = @$_GET['path'];
12 if (!$requestpath || strlen($requestpath)<1 || $requestpath[0]!='/') {
13         $requestpath = '/';
14 }
15
16 if (@$_GET['f'] || @$_GET['tools']=='hide' || @$_GET['tools']=='unhide' || @$_GET['tools']=='delete') {
17         $getdeepfiles=true;
18         $populate=false;
19 } else {
20         $getdeepfiles=false;
21         $populate=true;
22 }
23
24 //update folder rights if form is posted
25 if (@$_POST['edited_user'] > 0 && @$_POST['formtype'] == 'folderrights')
26         $squashweb->update_rights($_POST['edited_user'], $_POST['m'], $_SESSION['creds']['user_level']);
27
28 //set folder rights
29 if (@$_GET['f']) {
30         $squashweb->give_rights(-1); // full access
31 } else {
32         $squashweb->give_rights($_SESSION['creds']['user_id']);
33 }
34
35 if (@$_GET['f']) {
36         $f_q = "SELECT * FROM file_hash WHERE md5_hash = '".mysql_escape_string($_GET['f'])."'";
37         $f_r = mysql_query($f_q);
38         $f_o = mysql_fetch_object($f_r);
39
40         //log downloads
41         @mysql_query("INSERT INTO log (hash,file,action,user_id,user_name,ip,date) VALUES ('".mysql_escape_string($_GET['f'])."','".mysql_escape_string($f_o->file)."','download','".mysql_escape_string($_SESSION['creds']['user_id'])."','".mysql_escape_string($_SESSION['creds']['user_name'])."','".mysql_escape_string($_SERVER['REMOTE_ADDR'])."',NOW())");
42
43         $_hpath_arr=explode("/", $f_o->file);
44         $file=array_pop($_hpath_arr); //Remove filename
45         $path=implode("/", $_hpath_arr);
46         $squashweb->read_single_file($path, $file);
47         #$squashweb->read_directory($path, false, true, false, false);
48 } else {
49         //parse folders for readable files
50         $squashweb->read_directory($requestpath, true, true, $getdeepfiles, $populate);
51 }
52
53 //check if a file is requested
54 if (@$_GET['f']) {
55         //get the config of requested file
56         $request = $squashweb->get_config($_GET['f']);
57
58         //show requested file
59         #header('Cache-control: private');
60         header('Content-Disposition: attachment; filename="'.$request[2].'"');
61         header("Content-Type: ".$request['mime']);
62         if ($request[3])
63                 header('Content-Length: '.$request[3]);
64         #@ob_flush();
65         @flush();
66         $squashweb->print_files($request['path'], $request[2]);
67
68 } elseif (@$_GET['tools']=="hide" && @$_GET['h']) {
69         if ($_SESSION['creds']['user_level'] > 99) {
70                 $request = $squashweb->get_config($_GET['h']);
71                 $handle = fopen(SQUASHER_UPLOADS_DIR.$request['path'].'/'.$request[2].'.hidden', 'x');
72                 fwrite($handle, 'hidden by '.$_SESSION['creds']['user_name']);
73                 fclose($handle);
74                 $path=$request['path'];
75                 header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path) ;
76         }
77 } elseif (@$_GET['tools']=="unhide" && isset($_GET['h'])) {
78         if ($_SESSION['creds']['user_level'] > 99) {
79                 $request = $squashweb->get_config($_GET['h']);
80                 @unlink(SQUASHER_UPLOADS_DIR.$request['path'].'/'.$request[2].'.hidden');
81                 $path=$request['path'];
82                 header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path) ;
83         }
84 } elseif (@$_GET['tools']=="delete" && isset($_GET['h'])) {
85         if ($_SESSION['creds']['user_level'] > 99) {
86                 if ($_GET['h'] == "multiple") {
87                         $h_post = $_POST['h'];
88                         foreach ($h_post as $h_key => $h) {
89                                 $request = $squashweb->get_config($h);
90                                 $squashweb->delete_file($h, $_SESSION['creds']);
91                         }
92                 } else {
93                         $h = $_GET['h'];
94                         $request = $squashweb->get_config($h);
95                         $squashweb->delete_file($h, $_SESSION['creds']);
96                 }
97                 $path=$request['path'];
98                 header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path);
99         }
100
101 } elseif (@$_POST['tools']=="mkdir" && isset($_GET['path']) && isset($_POST['newname']) && $_SESSION['creds']['user_level'] > 99) {
102         $path = $_GET['path'];
103         $newname = $_POST['newname'];
104         $subs = explode('/', $path);
105         if (in_array('..', $subs))
106                 die(); // Hard fails when trying to play above SQUASHER_UPLOADS_DIR
107         if ($squashweb->got_rights_array_admin($path) > 0) {
108                 umask(002); // don't remove g+w
109                 mkdir(SQUASHER_UPLOADS_DIR.$path.'/'.$newname);
110         }
111         header( 'Location: ?path='.$path.'/'.$newname) ;
112         
113 } elseif (@$_POST['tools']=="rmdir" && isset($_GET['path']) && $_SESSION['creds']['user_level'] > 99) {
114         $path = $_GET['path'];
115         $subs = explode('/', $path);
116         if (in_array('..', $subs))
117                 die(); // Hard fails when trying to play above SQUASHER_UPLOADS_DIR
118         if ($squashweb->got_rights_array_admin($path) > 0) {
119                 rmdir(SQUASHER_UPLOADS_DIR.$path);
120         }
121         array_pop($subs);
122         $path=implode("/", $subs);
123         header( 'Location: ?path='.$path) ;
124         
125 } elseif (@$_GET['tools']=='access' && $_SESSION['creds']['user_level'] > 100) {
126
127         $smarty = get_smarty();
128
129         $smarty->assign('user_level', $_SESSION['creds']['user_level']);
130         $smarty->assign('user_name', $_SESSION['creds']['user_name']);
131         $smarty->assign('users', $squashweb->get_users($_SESSION['creds']['user_level']));
132
133         $smarty->assign('edited_user', @$_GET['user']);
134
135         $tree = $squashweb->show_rights_tree($requestpath, 0, @$_GET['user']);
136
137         $smarty->assign('style', $tree['style']);
138         $smarty->assign('layout', $tree['layout']);
139
140         $smarty->assign('debug', @$_GET['debug']);
141         $smarty->assign('folderrights', $squashweb->folderrights());
142         $smarty->assign('userrights', $squashweb->userrights());
143         $smarty->display('admin.tpl');
144
145 } elseif (@$_GET['tools']=='users' && $_SESSION['creds']['user_level'] > 100) {
146         $type = @$_POST['type'];
147         if ($type=="update")
148                 $squashweb->update_users($_POST['u']);
149         if ($type=="disable")
150                 $squashweb->disable_users($_POST['u']);
151         if ($type=="delete")
152                 $squashweb->remove_users($_POST['u']);
153         if ($type=="new")
154                 $squashweb->insert_users($_POST['u'], $_SESSION['creds']['user_level']);
155         $smarty = get_smarty();
156
157         $smarty->assign('user_level', $_SESSION['creds']['user_level']);
158         $smarty->assign('user_name', $_SESSION['creds']['user_name']);
159         $smarty->assign('users', $squashweb->get_users($_SESSION['creds']['user_level']));
160
161         if ($_SESSION['creds']['user_level'] > 199) {
162                 $smarty->assign('user_levels', array(155 => 'admin' , 55 => 'user' ) );
163         } else {
164                 $smarty->assign('user_levels', array(55 => 'user' ) );
165         }
166         $smarty->assign('debug', @$_GET['debug']);
167
168         $smarty->display('udmin.tpl');
169
170 } elseif (@$_GET['tools']=='logs' && $_SESSION['creds']['user_level'] > 100) {
171         $logtype=@$_GET['logtype'];
172         if (!$logtype)
173                 $logtype = 'all';
174
175         $smarty = get_smarty();
176
177         $smarty->assign('user_level', $_SESSION['creds']['user_level']);
178         $smarty->assign('user_name', $_SESSION['creds']['user_name']);
179         $smarty->assign('logtype', $logtype);
180         $smarty->assign('logs', $squashweb->get_logs($logtype));
181
182         $smarty->assign('debug', @$_GET['debug']);
183         $smarty->display('logs.tpl');
184
185 } else {
186         //show overview
187
188         $smarty = get_smarty();
189         /***
190         *       $config:: array
191         *       [0]     ->      versioncode
192         *       [1]     ->      date&time
193         *       [2]     ->      filename
194         *       [3]     ->      filesize
195         *       [4]     ->      chunksize
196         *       [5]     ->      chunkcount
197         *       [6]     ->      CRC32 checksum
198         ***/
199
200         $configs_num = $squashweb->get_configs();
201         $configs_sorted = named_records_sort($configs_num, 'lastchange', true);
202
203         $configs = array();
204
205         foreach ($configs_sorted as $key => $value) {
206                 $configs[$key]['squashed'] = $value['squashed'];
207                 $configs[$key]['version'] = $value[0];
208                 //$configs[$key]['date'] = $value[1]; //removed because user local creation date is irrelevant
209                 $configs[$key]['name'] = $value[2];
210                 $configs[$key]['size'] = $value[3];
211                 $configs[$key]['chunk_size'] = $value[4];
212                 $configs[$key]['chunks'] = $value[5];
213                 $configs[$key]['crc'] = $value[6];
214                 (strpos($value['mime'],'ideo')) ? $embedable=true : $embedable=false;
215                 (@array_sum($value['stats']) == $value[5]) ? $finished=true : $finished=false;
216
217                 $configs[$key]['embedable'] = $embedable;
218                 $configs[$key]['finished'] = $finished;
219                 $configs[$key]['mime'] = $value['mime'];
220                 $configs[$key]['status'] = $value['status'];
221                 $configs[$key]['hidden'] = $value['hidden'];
222                 $configs[$key]['chunks_finished'] = @array_sum($value['stats']);
223                 if ($finished) {
224                         $configs[$key]['chunks_partial'] = $configs[$key]['chunks_finished'];
225                 } else {
226                         $continue = true;
227                         foreach($value['stats'] as $sk => $sv) {
228                                 if ($continue) {
229                                         $configs[$key]['chunks_partial'] = $configs[$key]['chunks_partial']+$sv;
230                                         if ($sv != '1.00') $continue=false;
231                                 }
232                         }
233                 }
234                 $configs[$key]['date'] = date('d.m.y - H:i:s - T', $value['added']);
235                 $configs[$key]['lastchange'] = date('d.m.y - H:i:s - T', $value['lastchange']);
236         }
237
238
239         //set base folders
240         $basepath['/'] = 'top';
241         $bpath = '';
242         foreach (explode('/', $requestpath) as $key => $value) {
243                 if ($value != '') {
244                         $bpath .= '/'.$value;
245                         $basepath[$bpath] = $value;
246                 }
247         }
248         $smarty->assign('debug', @$_GET['debug']);
249         $smarty->assign('user_level', $_SESSION['creds']['user_level']);
250         $smarty->assign('user_name', $_SESSION['creds']['user_name']);
251         $smarty->assign('folderrights', $squashweb->folderrights());
252
253         $smarty->assign('squashed', $configs);
254         $smarty->assign('base', $basepath);
255         $smarty->assign('currentfolder', $requestpath);
256         $subs = $squashweb->subfolders();
257         if ($subs)
258                 asort($subs);
259         $smarty->assign('subfolders', $subs);
260
261         //if(@$_GET[debug]) print_r($configs);
262         $smarty->display('index.tpl'); //Display normal template
263
264 }
265 // vim: syntax=php ts=4 sw=4 sts=4 sr noet
266 ?>
File squasher